Load balancing VMware Horizon View Deployment Handbuch

VMware Horizon View
Deployment Guide
v1.0.2
load balancing view
load balancing vmware view
load balancing vmware horizon view

Copyright © 2013 Loadbalancer.org, Inc.

1

Table of Contents
About this Guide............................................................................................................................................... 4
Appliances Supported....................................................................................................................................... 4
VMware Horizon View Versions Supported...................................................................................................... 4
Loadbalancer.org Software Versions Supported............................................................................................... 4
VMware Horizon View....................................................................................................................................... 5
Horizon View Servers to Load Balance............................................................................................................. 5
Load Balancing VMware Horizon View............................................................................................................. 5
Load Balancing & HA Requirements............................................................................................................ 5
Persistence (aka Server Affinity).................................................................................................................. 5
SSL Offload.................................................................................................................................................. 5
Port Requirements....................................................................................................................................... 5
Deployment Overview....................................................................................................................................... 6
Clustered Pair Configuration for HA............................................................................................................. 6
Load Balancer Deployment Methods................................................................................................................ 6
View Client Connection Process (2 Phase).................................................................................................6
External Clients............................................................................................................................................ 7
Method 1 – Fully load balanced Phase 1 & 2 (Using Source IP Persistence).........................................7
Method 2 – Load Balanced Phase 1 (Using Source IP Persistence)......................................................8
Method 3 – Load Balanced Phase 1 (Using Application Cookie Persistence)........................................9
External Clients - Helping you Choose the most appropriate Method...................................................10
Internal Clients........................................................................................................................................... 11
Method 1 – Load Balanced Phase 1 (Using Source IP Persistence)....................................................11
Method 2 – Load Balanced Phase 1 (Using Application cookie Persistence).......................................12
Internal Clients - Helping you Choose the most appropriate Method....................................................13
Loadbalancer.org Appliance – the Basics....................................................................................................... 14
Network Configuration............................................................................................................................... 14
Accessing the Web User Interface (WUI).................................................................................................. 15
Configuring for Horizon View External Clients................................................................................................ 16
Method 1 – Fully load balanced Phase 1 & 2 (Using Source IP Persistence)............................................16
View Server Configuration.................................................................................................................... 16
Appliance Configuration........................................................................................................................ 17
Port Requirements........................................................................................................................... 17
Configure the Virtual Service & Real Servers..................................................................................17
Configure HTTP to HTTPS Redirect................................................................................................ 19
Method 2 – Load Balanced Phase 1 (Using Source IP Persistence).........................................................20
Configure Layer 7 Global Settings................................................................................................... 21
Finalizing the Configuration............................................................................................................. 23
Method 3 – Load Balanced Phase 1 (Using Application Cookie Persistence)...........................................24
Configure SSL Termination.............................................................................................................. 26
2

Configuring for Horizon View Internal Clients................................................................................................. 30
Method 1 – External Load Balanced Phase 1 (Source IP Persistence).....................................................30
Connection Server Configuration.......................................................................................................... 30
Method 2 – Load Balanced Phase 1 (Using Application cookie Persistence)............................................34
Connection Server Configuration.......................................................................................................... 34
Configure SSL Termination.............................................................................................................. 35
Testing & Verification...................................................................................................................................... 39
Using System Overview............................................................................................................................. 39
Layer 4 Status Report................................................................................................................................ 40
Layer 7 Statistics Report............................................................................................................................ 40
Appliance Logs.......................................................................................................................................... 40
Technical Support........................................................................................................................................... 41
Conclusion...................................................................................................................................................... 41
Appendix......................................................................................................................................................... 42
1 – Configuring an HTTP to HTTPS redirect.............................................................................................. 42
2 – Clustered Pair Configuration – Adding a Slave Unit.............................................................................42
3 – Company Contact Information............................................................................................................. 43

3

About this Guide
This guide details the configuration of Loadbalancer.org appliances for deployment with VMware Horizon
View. It includes details of ports/services that must be load balanced, topology considerations for the various
VMware Horizon View servers and also steps on how to configure the appliances.
For an introduction on setting up the appliance as well as more technical information, please also refer to our
quick-start guides and full administration manuals which are available at the following links:
Quickstart guide: http://www.loadbalancer.org/pdf/quickstartguideLBv7.pdf
Administration manual: http://www.loadbalancer.org/pdf/loadbalanceradministrationv7.pdf

Appliances Supported
All our products can be used with Horizon View. The complete list of models is shown below:

•

Enterprise R16

•

Enterprise

•

Enterprise MAX

•

Enterprise 10G

•

Enterprise VA

•

Enterprise VA R16

For a full specification comparison of these models please refer to: http://www.loadbalancer.org/matrix.php

VMware Horizon View Versions Supported
•

v5.2 and later

Loadbalancer.org Software Versions Supported
•

V7.5.2 and later

4

VMware Horizon View
VMware® Horizon View™ (formerly VMware View) is a virtual desktop infrastructure solution that simplifies
desktop management and provides users with access when needed, whatever their location.

Horizon View Servers to Load Balance
Server

Purpose

Connection Server

View Connection Server acts as a broker for client connections. It
authenticates users through Windows Active Directory and directs the
request to the appropriate virtual machine, physical or blade PC, or
Windows Terminal Services server.

Security Server

A security server is a special instance of View Connection Server that runs
a subset of View Connection Server functions. A security server is used to
provide an additional layer of security between the Internet and the internal
network. A security server resides within a DMZ and acts as a proxy host
for connections inside the trusted network. Each security server is paired
with an instance of View Connection Server and forwards all traffic to that
instance.

Load Balancing VMware Horizon View
Load Balancing & HA Requirements
For high availability and scalability, VMware recommend that multiple Connection Servers and multiple
Security Serves are deployed in a load balanced cluster.

Persistence (aka Server Affinity)
It's important that client requests are directed at the same View server for the duration of their session. This
can be achieved using either source IP persistence or application cookie (JSESSIONID) persistence.

SSL Offload
The load balancer can be configured to terminate SSL if required. However, this is only recommended when
JSESSIONID application cookie persistence is used.

Port Requirements
The following table shows the ports that are load balanced.
N.B. The exact ports to be load balanced depends on how the View Security/Connection Servers are load
balanced. This is covered in later sections in this guide.
5

Port

Protocol

Uses

443

TCP

HTTPS

4172

TCP

PCoIP

4172

UDP

PCoIP

32111

TCP

USB Redirection

Deployment Overview
A Virtual Services (VIP) is configured on the load balancer that acts as a connection point for clients. Clients
then connect to the VIP on the load balancer rather than connecting directly to a one of the View Servers.
These connections are then load balanced across the back-end servers (i.e. the View Servers) to distribute
the load according to the load balancing algorithm selected.

Inbound
Requests

Load
Balancer
VIP

View Server 1

(single unit
or clustered
pair)

View Server 2

The load balancer can be deployed as a single unit, although Loadbalancer.org strongly
recommends a clustered pair for resilience & high availability.

Clustered Pair Configuration for HA
In this guide a single unit is deployed first, adding a secondary slave unit is covered in section 1 of the
Appendix.

Load Balancer Deployment Methods
The load balancer can be configured in various ways to support internal and external clients as detailed in
the following sections.

View Client Connection Process (2 Phase)
View clients connect in 2 phases, these are:
Phase 1: initial connection establishment, authentication, entitlement etc.
Phase 2: tunnel connection

6

External Clients
External clients connect to the Security Servers located in the DMZ. Each Security Server must be paired
with a corresponding Connection Server. The PCoIP gateway on each Security Server must be enabled and
correctly configured to ensure that clients can successfully connect.

Method 1 – Fully load balanced Phase 1 & 2 (Using Source IP Persistence)
In this scenario ALL client traffic passes via the load balancer. This option has the advantage that only one
public IP address is required. Source IP address persistence is used which may result in an unbalanced
distribution of connections for external clients due to inline NAT/proxy devices. This can happen because
under these circumstances multiple clients can appear to come from the same IP address and therefore the
load balancer will forward all these connections to the same Security Server rather than distributing them
equally between the servers.

External
Firewall

Load
Balancer
TCP
ports:
443
4172
32111

Clients

Internal
Firewall

Phase 1 & 2

VIP

UDP
ports:
4172

Security
Server 1
the LB
must be
the GW for
the security
servers

Connection
Server 1

SSL Cert

Security
Server 2

VDI
Connection
Server 2

SSL Cert

Subnet 1

Subnet 2

Notes:

•

The VIP is configured in Layer 4 NAT mode

•

The VIP is used to load balance both phase 1 and phase 2 of the connection process and must
listen on TCP ports 443, 4172 & 32111 and UDP port 4172

•

The Security Servers must be configured to gateway the connections. Clients then connect to the
desktops via the load balancer and the Security Servers

•

Source IP address persistence may result in non balanced connections due to inline NAT/proxy
devices for external clients

•

The VIP and Security Servers must be in different subnets and the default gateway on each Security
Server must be an IP address on the load balancer. For a clustered pair this should be a floating IP
address to allow failover to the slave device

•

See pages 16-19 for appliance and server configuration steps

7

Method 2 – Load Balanced Phase 1 (Using Source IP Persistence)
In this scenario, only Phase 1 is handled by the load balancer. A single VIP in layer 7 SNAT mode is used
and is configured to use source IP address persistence to ensure that clients connect to the same Security
Server for the duration of the Phase. Once Phase 1 negotiation is complete, Phase 2 connections are direct
from the client to the Security Servers. For this this to work, each Security Server must be externally
accessible from the Internet.

External
Firewall

Internal
Firewall

TCP ports: 4172, 32111
UDP ports: 4172

Phase 2

Security
Server 1

TCP
ports:
443

Clients

Phase 1

VIP

Load
Balancer

Connection
Server 1

SSL Cert

Security
Server 2

VDI
Connection
Server 2

Phase 2
TCP ports: 4172, 32111
UDP ports: 4172

SSL Cert

Notes:

•

The VIP is configured in Layer 7 SNAT mode

•

The VIP is used to load balance phase 1 of the connection process and must listen on TCP port 443

•

desktops via the Security Servers bypassing the load balancer

•

The Security Servers must be accessible externally for Phase 2 connections

•


•


8

Method 3 – Load Balanced Phase 1 (Using Application Cookie Persistence)
In this scenario, only Phase 1 is handled by the load balancer. A single VIP in layer 7 SNAT mode is used
and is configured to use application cookie (JSESSIONID) persistence to ensure that clients connect to the
same Security Server for the duration of the Phase. Once Phase 1 negotiation is complete, Phase 2
connections are direct from the client to the Security Servers. For this this to work, each Security Server
must also be externally accessible from the Internet.

External
Firewall

Internal
Firewall

TCP ports: 4172, 32111
UDP ports: 4172

Phase 2

Security
Server 1

TCP
ports
443

Clients

Phase 1

Connection
Server 1

Load
Balancer

VIP

VDI
Security
Server 2

SSL Cert

Connection
Server 2

Phase 2
TCP ports: 4172, 32111
UDP ports: 4172

HTTPS

HTTP

Notes:

•


•

The VIP is used to load balance phase 1 of the connection process and must listen on TCP port 443

•

SSL is terminated on the Load Balancer to enable the JSESSIONID cookie to be read

•

desktops via the Security Servers bypassing the load balancer

•

The Security Servers must be accessible externally for Phase 2 connections

•

A locked.properties file must be created on each Security Server and configured to permit
HTTP connections from the load balancer

•


9

External Clients - Helping you Choose the most appropriate Method

START

Do you want to use a
single public IP address?

YES

Use Option 1

NO

YES
Do external clients have
unique IP addresses?

Use Option 2

NO

Use Option 3

10

Internal Clients
Internal clients connect directly to the Connection Servers located on the LAN. The gateway must be
disabled so that clients can connect directly to the desktops rather than passing via the load balancer or
gateway.


Load
Balancer
Connection
Server 1

TCPports: 443

Phase 1

SSL Cert

VIP

Clients

Connection
Server 2

VDI

SSL Cert

Phase 2
TCP ports: 4172, 32111
UDP ports: 4172

Notes:

•


•

A single VIP is used to load balance phase 1 of the connection process and must listen on TCP port
443

•

The security servers must NOT be configured to gateway the connections. Clients are then able to
connect directly to the desktops

•


•


11

Method 2 – Load Balanced Phase 1 (Using Application cookie Persistence)

Load
Balancer
Connection
Server 1
TCPports: 443

Clients

Phase 1

VIP

VDI
Connection
Server 2

SSL Cert
Phase 2
TCP ports: 4172, 32111
UDP ports: 4172

HTTPS

HTTP

Notes:

•


•

A single VIP is used to load balance phase 1 of the connection process and must listen on TCP port
443

•

SSL is terminated on the load balancer
N.B. SSL offload is not supported for smart-card authentication

•

The security servers must NOT be configured to gateway the connections. Clients are then able to
connect directly to the desktops

•

Persistence is based on the JSESSIONID cookie that is inserted by the Connection Servers

•

A locked.properties file must be created on each Connection Server and configured to permit
HTTP connections from the load balancer

•


12

Internal Clients - Helping you Choose the most appropriate Method

START

Do internal clients have
unique IP address?

NO

Use Option 2

13

YES

Use Option 1

Loadbalancer.org Appliance – the Basics
Network Configuration
The IP address, default gateway and DNS settings can be configured in several ways as detailed below.

Configure the IP address, Default Gateway & DNS Settings

Using the Network Setup Wizard at the console:
After boot, follow the console instructions to configure the IP address, gateway and DNS settings.

Using the WUI:
Using a browser, connect to the WUI on the default IP address/port: http://192.168.2.21:9080
to set the IP address use: Local Configuration > Network Interface Configuration
to set the default gateway use: Local Configuration > Routing
to configure DNS settings use: Local Configuration > Hostname & DNS

Using Linux commands:
At the console, set the initial IP address using the following command:
ip addr add <IP address>/<mask> dev eth0
e.g. ip addr add 192.168.2.10/24 dev eth0
At the console, set the initial default gateway using the following command:
route add default gw <IP address> <interface>
e.g. route add default gw 192.168.2.254 eth0
At the console, set the DNS server using the following command:
echo nameserver <IP address> >> /etc/resolv.conf
e.g. echo nameserver 192.168.64.1 >> /etc/resolv.conf

N.B. If this method is used, you must also configure these settings using the WUI, otherwise settings will be
lost after a reboot

14

Accessing the Web User Interface (WUI)
The WUI can be accessed from a browser at: http://192.168.2.21:9080/lbadmin
* Note the port number → 9080
(replace 192.168.2.21 with the IP address of your load balancer if its been changed from the default)
Username: loadbalancer
Password: loadbalancer
Once you have entered the logon credentials the Loadbalancer.org Web User Interface will be displayed as
shown below.
The screen shot below shows the v7.5 WUI once logged in:

15

Configuring for Horizon View External Clients
External clients connect to View Security Servers. This section covers the various methods for load
balancing Security Servers.

NOTE: It's highly recommended that you have a working VMware Horizon View environment
first before implementing the load balancer.

Method 1 – Fully load balanced Phase 1 & 2 (Using Source IP Persistence)
This method uses a Firewall Mark configuration which enables a single VIP to support both TCP and UDP.

View Server Configuration
The following sections illustrate how the Connection/Security Servers must be configured for external clients.
Paired Connection Server Settings
For each Connection Server leave the servers own IP address and ensure all check boxes are enabled:

16

Paired Security Server Settings
For each Security Server set the IP addresses to be the external address of the VIP , e.g. :

N.B. In this example 10.100.120.10 is used, in production publicly accessible IP addresses would be
required. In this example the external firewall would NAT 10.100.120.10 to the VIP address 192.168.110.10.

Appliance Configuration
Port Requirements

The following table shows the ports that must be load balanced.
Port

Protocol

Uses

443

TCP

HTTPS

4172

TCP

PCoIP

4172

UDP

PCoIP

32111

TCP

USB Redirection

Configure the Virtual Service & Real Servers

a) Setting up the Virtual Service

•

Using the WUI, go to Cluster Configuration > Layer 4 – Virtual Service and click
[Add a New Virtual Service]

•

Enter the following details:

17

•
•
•
•
•
•
•
•
•
•
•
•

Enter an appropriate label for the VIP, e.g. ViewExternal
Set the Virtual Service IP address field to the required Mark value, e.g. 1
Leave the Virtual Service Ports field blank
Set Forwarding Method to NAT
Set Persistence to Yes
Click Update
Now click [Modify] next to the newly created VIP
Set Check Type to Negotiate connection
Set Check Port to 443
Set Protocol to HTTPS
Set Response expected to VMware
Click Update

b) Setting up the Real Servers

•

Using the WUI, go to Cluster Configuration > Layer 4 – Real Servers and click
[Add a new Real Server] next to the newly created VIP

•


•
•

Enter an appropriate label for the RIP, e.g. Security1
Change the Real Server IP Address field to the required IP address, e.g. 192.168.120.100
18

•
•
•

Leave the Real Server Port field blank
Click Update
Repeat the above steps to add your other Security Server(s)

c) Configure the Firewall Rules (required for Firewall Marks)

•
•

Using the WUI, go to Maintenance > Firewall Script
Scroll down to the “Manual Firewall Marks” section and configure the following rules:
VIP1="192.168.100.10"
iptables -t mangle -A PREROUTING -p tcp -d $VIP1 --dport 443 -j MARK --set-mark 1
iptables -t mangle -A PREROUTING -p udp -d $VIP1 --dport 4172 -j MARK --set-mark 1
N.B. set 'VIP1' to the required IP address

•

Click Update

d) Add the Floating IP address

•
•
•

Using the WUI, go to Cluster Configuration > Floating IP's
Enter the IP address for the VIP, e.g. 192.168.100.10
Click Add Floating IP

Configure HTTP to HTTPS Redirect

If required, the load balancer can be configured to automatically redirect users who attempt to connect to
http://<URL to access VIEW> to https://<URL to access VIEW>. For details on configuring this, please
refer to section 1 in the Appendix.

19


For each Connection Server leave the servers own IP address and ensure all check boxes are enabled :

For each Security Server set the IP addresses to be the external address for that Security Server, e.g. :

20

N.B. In this example 10.100.100.100 used, in production publicly accessible IP addresses would be required.
In this example the external firewall would NAT 10.100.100.100 to the Security Servers address
192.168.100.100

Port Requirements

Port

Protocol

Uses

443

TCP

HTTPS

Configure Layer 7 Global Settings

To ensure that client connections remain open during periods of inactivity, the Clitimeout and Srvtimeout
values must be changed from their default values of 43 seconds and 45 seconds respectively to 10 mins. To
do this follow the example steps below:

•

Go to Cluster Configuration > Layer 7 – Advanced Configuration

21

•

Change Client Timeout to 10m as shown above (i.e. 10 minutes)

•

Change Real Server Timeout to 10m as shown above (i.e. 10 minutes)

•

Click the Update button to save the settings



•


•


•
•
•
•
•

Set the Virtual Service IP address field to the required IP address, e.g. 192.168.100.10
Set the Virtual Service Ports field to 443
Leave Persistence mode set to Source IP
Click Update

22


•


•


•
•
•
•
•

Change the Real Server Port field to 443
Click Update



Finalizing the Configuration

To apply the new settings, HAProxy must be restarted as follows:

•

Go to Maintenance > Restart Services and click Restart HAProxy

23

Method 3 – Load Balanced Phase 1 (Using Application Cookie Persistence)


For each Connection Server leave the servers own IP address and uncheck the 'Use Secure Tunnel
connection to desktop' checkbox as shown below:

For each Security Server set the IP addresses to be the external address for that Security Server , e.g. :

24

N.B. In this example 10.100.100.100 used, in production publicly accessible IP addresses would be required.
In this example the external firewall would NAT 10.100.100.100 to the Security Servers address
192.168.100.100.

Allowing HTTP connections
Since SSL is terminated on the load balancer, there will be an HTTP connection from the load balancer to the
Security Servers. To enable this, follow these steps for each Security Server:

•

Navigate to the folder C:Program FilesVMwareVMware ViewServersslgatewayconf

•

Create a text file called locked.properties with the following contents:
ServerProtocol=http

Port Requirements

Port

Protocol

Uses

443

TCP

HTTPS

25



•


•


•


•


Configure SSL Termination

•

Using the WUI, go to Cluster Configuration > SSL Termination and click

•


•
•
•
•

Enter an appropriate label for the VIP, e.g. ViewExternalSSL
Set the Backend Virtual Service IP Address field to same IP address, e.g. 192.168.100.10

26

•
•
•

Set the Backend Virtual Service Port field to 80
Leave other fields at their default values
Click Update



•


•


•
•
•
•
•

Set the Persistence mode to None
Click Update


•


•


27

•
•
•
•
•

Click Update

Configure Application Cookie Persistence
1) Disable the ability for the system to re-write the HAproxy Configuration – this ensures that the
manual configuration changes described in the following sections are not overwritten by the system:

•

Using the WUI, go to: Cluster Configuration > Layer 7 – Advanced Configuration, and enable the
Lock HAProxy Configuration checkbox

•

Click Update

2) Edit the HAProxy configuration file – this is required to allow for custom layer 7 configurations:

•

Using an editor either via the command line or using a utility such WinSCP, edit the file HAProxy.cfg
located in /etc/haproxy and add the line shown bold below:
listen ViewExternal
bind 192.168.100.10:80
mode tcp
balance leastconn
server backup 127.0.0.1:9081 backup non-stick
appsession JSESSIONID len 32 timeout 1800000
option redispatch
option abortonclose
maxconn 40000
…
…

•

Save the file

28

Upload The SSL Certificate
1) Export the SSL Certificate from a View Server – note the following points when exporting the certificate
from Windows:

•
•

Make sure that the private key is included
Tick the option 'Include all certificates in the certification path if possible'

2) Convert the SSL Certificate from .pfx format to PEM format (required by the load balancer) – follow
the steps listed below:

•

Using Openssl on a Windows PC, convert the certificate using the following command:
openssl pkcs12 -in c:certscertificate.pfx -nodes -out c:certscertificate.pem

N.B. Openssl can be downloaded from: http://slproweb.com/products/Win32OpenSSL.html – you
can use either the 'light' version or the 'full' version
3) Import the SSL Certificate to the Load Balancer – follow the steps listed below:

•

Using the WUI goto: Cluster Configuration > SSL Termination, click [Certificate] next to the SSL VIP
created earlier

•
•
•

Using the browse option, navigate to and select the .pem file created in the previous step
Click Upload PEM file
Now restart Stunnel





•


29

Configuring for Horizon View Internal Clients
Internal clients connect to View Connection Servers. This section covers the various methods for load
balancing Connection Servers.

NOTE: It's highly recommended that you have a working VMware Horizon View environment
first before implementing the load balancer.

Method 1 – External Load Balanced Phase 1 (Source IP Persistence)

Connection Server Configuration
For each Connection Server leave the servers own IP address and un-check the 'Use PCoIP Secure
Gateway for PCoIP connections to desktop' as shown below:

30

Port Requirements

Port

Protocol

Uses

443

TCP

HTTPS



•


•


•


•




•


•


31

•
•
•
•
•

Enter an appropriate label for the VIP, e.g. ViewInternal
Leave Persistence mode set to Source IP
Click Update


•


•


•
•
•
•
•

Enter an appropriate label for the RIP, e.g. Connection1
Click Update
Repeat the above steps to add your other Connection Server(s)

32





•


33

Method 2 – Load Balanced Phase 1 (Using Application cookie Persistence)

Connection Server Configuration
For each Connection Server leave the servers own IP address and uncheck all checkboxes as shown below:

Allowing HTTP connections
Since SSL is terminated on the load balancer, there will be an HTTP connection from the load balancer to the
Connection Servers. To enable this, follow these steps for each Connection Server:

•

Navigate to the folder C:Program FilesVMwareVMware ViewServersslgatewayconf

•

Create a text file called locked.properties with the following contents:
ServerProtocol=http

34

Port Requirements

Port

Protocol

Uses

443

TCP

HTTPS



•


•


•


•


Configure SSL Termination

•

Using the WUI, go to Cluster Configuration > SSL Termination and click

•


35

•
•
•
•
•
•
•

Enter an appropriate label for the VIP, e.g. ViewInternalSSL
Set the Backend Virtual Service IP Address field to same IP address, e.g. 192.168.100.10
Set the Backend Virtual Service Port field to 80
Leave other fields at their default values
Click Update



•


•


•
•


36

•
•
•

Set Persistence mode to None
Click Update


•


•


•
•
•
•
•

Enter an appropriate label for the RIP, e.g. Connection1
Click Update
Repeat the above steps to add your other Connection Server(s)

Configure Application Cookie Persistence
1) Disable the ability for the system to re-write the HAproxy Configuration – this ensures that the
manual configuration changes described in the following sections are not overwritten by the system:

•

Lock HAProxy Configuration checkbox

•

Click Update

2) Edit the HAProxy configuration file – this is required to allow for custom layer 7 configurations:

•

Using an editor either via the command line or using a utility such WinSCP, edit the file HAProxy.cfg
located in /etc/haproxy and add the line shown bold below:
listen ViewInternal
bind 192.168.110.100:80
mode tcp
balance leastconn
server backup 127.0.0.1:9081 backup non-stick
appsession JSESSIONID len 32 timeout 1800000
option redispatch

37

option abortonclose
maxconn 40000
…
…

•

Save the file

Upload The SSL Certificate
1) Export the SSL Certificate from one of the View Servers – note the following points when exporting the
certificate from Windows:

•
•

Make sure that the private key is included
Tick the option 'Include all certificates in the certification path if possible'

2) Convert the SSL Certificate from .pfx format to PEM format (required by the load balancer) – follow
the steps listed below:

•

Using Openssl on a Windows PC, convert the certificate using the following command:
openssl pkcs12 -in c:certscertificate.pfx -nodes -out c:certscertificate.pem

N.B. Openssl can be downloaded from: http://slproweb.com/products/Win32OpenSSL.html – you
can use either the 'light' version or the 'full' version
3) Import the SSL Certificate to the Load Balancer – follow the steps listed below:

•

Using the WUI goto: Cluster Configuration > SSL Termination, click [Certificate] next to the SSL VIP
created earlier

•
•
•

Using the browse option, navigate to and select the .pem file created in the previous step
Click Upload PEM file
Now restart Stunnel





•


38

Testing & Verification
Using System Overview
The System Overview is accessed using the WUI. It shows a graphical view of all VIPs & RIPs (i.e. the View
Servers) and shows the state/health of each server as well as the state of the each cluster as a whole. The
example below shows that both Connection Servers are healthy and available to accept connections.

The example below shows that the server 'Connection1' has been put in halt mode, in this situation all
connections will be sent to Connection2. Connection1 can be put back online by clicking the 'Online' link.

39

Layer 4 Status Report
The Layer 4 Status report gives a summary of layer 4 configuration and running stats as shown below. This
can be accessed in the WUI using the option: Reports > Layer 4 Status.

Layer 7 Statistics Report
The Layer 7 Statistics report gives a summary of all layer 7 configuration and running stats as shown below.
This can be accessed in the WUI using the option: Reports > Layer 7 Status.

Appliance Logs
Logs are available for both layer 4 and layer 7 services and can be very useful when trying to diagnose
issues. Layer 4 logs are active by default and can be accessed using the WUI option: Logs > Layer 4. Layer
7 logging is not enabled by default (because its extremely verbose) and can be enabled using the WUI
option: Cluster Configuration > Layer 7 – Advanced Configuration, and then viewed using the option: Logs >
Layer 7.

40

Technical Support
For more details or assistance with your deployment please don't hesitate to contact the support team at the
following email address: support@loadbalancer.org

Conclusion
Loadbalancer.org appliances provide a very cost effective solution for highly available load balanced VMware
Horizon View environments.

41

Appendix
1 – Configuring an HTTP to HTTPS redirect
This uses a custom later 7 VIP to ensure that if users type http://.... rather than https://..... they are
redirected accordingly.
e.g. http://view.robstest.com should be redirected to https://view.robstest.com
The steps:
1) Disable the ability for the system to re-write the HAProxy Configuration – this ensures that the
manual configuration changes described in the following section are not overwritten by the system.

•

Lock HAProxy Configuration option

2) Customize the HAProxy configuration – Using an editor such as vi or vim at the console or via a ssh
session, or using the default built-in editor included with WinSCP (not Notepad) modify the HAProxy
configuration file as follows:

•
•

Navigate to the directory /etc/haproxy and edit the file haproxy.cfg
Now copy/paste or enter the following two lines into the end of that file:
listen view-redirect 192.168.100.10:80
redirect location https://view.robstest.com/
(change the location IP Address & URL as required)

•

Save the file

3) Apply the new settings– to apply the new settings, HAProxy must be restarted:

•

Using the WUI, go to: Maintenance > Restart Services and click Restart HAProxy

2 – Clustered Pair Configuration – Adding a Slave Unit
If you initially configured just the master unit and now need to add a slave, please refer the section 'Adding a
slave unit after the master has been configured' in the v7.x administration manual which is available at the
following link: http://www.loadbalancer.org/pdf/loadbalanceradministrationv7.pdf.
Please don't hesitate to contact our support team if you need further assistance: support@loadbalancer.org

42

3 – Company Contact Information

Website

URL : www.loadbalancer.org

North America (US)

Loadbalancer.org, Inc.
270 Presidential Drive
Wilmington,
DE 19807
USA
Tel
Fax
Email (sales)
Email (support)

:
:
:
:

North America (Canada)

+1 866.229.8562 (24x7)
+1 302.213.0122
sales@loadbalancer.org
support@loadbalancer.org

Loadbalancer.org Ltd.
300-422 Richards Street
Vancouver, BC
V6B 2Z4
Canada
Tel
Fax
Email (sales)
Email (support)

:
:
:
:

Europe (UK)

+1 604.629.7575
+1 302.213.0122

Loadbalancer.org Ltd.
Portsmouth Technopole
Kingston Crescent
Portsmouth
PO2 8FA
England, UK
Tel
Fax
Email (sales)
Email (support)

:
:
:
:

Europe (Germany)

+44(0)870 4438779 (24x7)
+44(0)870 4327672

Loadbalancer.org GmbH
Alt Pempelfort 2
40211 Düsseldorf
Germany
Tel
Fax
Email (sales)
Email (support)

:
:
:
:

+49 (0)221 9793 7203
+49 (0)30 9203 836495
vertrieb@loadbalancer.org

43

Load balancing VMware Horizon View Deployment Handbuch

Recomendados

Recomendados

Mais conteúdo relacionado

Mais procurados

Mais procurados (14)

Destaque

Destaque (7)

Semelhante a Load balancing VMware Horizon View Deployment Handbuch

Semelhante a Load balancing VMware Horizon View Deployment Handbuch (20)

Mais de Loadbalancer_org_Gmbh

Mais de Loadbalancer_org_Gmbh (7)

Último

Último (20)

Load balancing VMware Horizon View Deployment Handbuch